Merge pull request #212 from nbaars/develop

Fixed #184

webgoat-container/src/main/java/org/owasp/webgoat/HammerHead.java

@@ -243,6 +243,7 @@ public class HammerHead extends HttpServlet {
         httpDateFormat.setTimeZone(TimeZone.getTimeZone("GMT"));
         propertiesPath = getServletContext().getRealPath("/WEB-INF/webgoat.properties");
         webgoatContext = new WebgoatContext(this);
+        logger.info("Browse to http://localhost:8080/WebGoat and happy hacking!");
     }
 
     /**

webgoat-container/src/main/java/org/owasp/webgoat/session/WebgoatContext.java

@@ -51,9 +51,6 @@ public class WebgoatContext {
     /** Constant <code>SHOWHINTS="ShowHints"</code> */
     public final static String SHOWHINTS = "ShowHints";
 
-    /** Constant <code>DEFUSEOSCOMMANDS="DefuseOSCommands"</code> */
-    public final static String DEFUSEOSCOMMANDS = "DefuseOSCommands";
-
     /** Constant <code>FEEDBACK_ADDRESS_HTML="FeedbackAddressHTML"</code> */
     public final static String FEEDBACK_ADDRESS_HTML = "FeedbackAddressHTML";
 
@@ -86,8 +83,6 @@ public class WebgoatContext {
 
     private boolean showSolution = false;
 
-    private boolean defuseOSCommands = false;
-
     private boolean enterprise = false;
 
     private boolean codingExercises = false;
@@ -123,7 +118,6 @@ public class WebgoatContext {
         showCookies = "true".equals(getParameter(servlet, SHOWCOOKIES));
         showSource = "true".equals(getParameter(servlet, SHOWSOURCE));
         showSolution = "true".equals(getParameter(servlet, SHOWSOLUTION));
-        defuseOSCommands = "true".equals(getParameter(servlet, DEFUSEOSCOMMANDS));
         enterprise = "true".equals(getParameter(servlet, ENTERPRISE));
         codingExercises = "true".equals(getParameter(servlet, CODING_EXERCISES));
         feedbackAddressHTML = getParameter(servlet, FEEDBACK_ADDRESS_HTML) != null ? getParameter(servlet,
@@ -192,15 +186,6 @@ public class WebgoatContext {
         return (databasePassword);
     }
 
-    /**
-     * <p>isDefuseOSCommands.</p>
-     *
-     * @return a boolean.
-     */
-    public boolean isDefuseOSCommands() {
-        return defuseOSCommands;
-    }
-
     /**
      * <p>isEnterprise.</p>
      *

webgoat-container/src/main/resources/log4j.properties

@@ -18,6 +18,7 @@ log4j.appender.CONSOLE.layout.conversionPattern=%d{yyyy-MM-dd HH:mm:ss,SSS} %-5p
 
 # a little less spring output
 log4j.category.org.springframework = INFO
+log4j.category.org.apache=INFO
 
 log4j.appender.default.out=org.apache.log4j.ConsoleAppender
 log4j.appender.default.out.threeshold=DEBUG

webgoat-container/src/main/webapp/WEB-INF/web.xml

@@ -126,10 +126,6 @@
             <param-name>CookieDebug</param-name>
             <param-value>true</param-value>
         </init-param>
-        <init-param>
-            <param-name>DefuseOSCommands</param-name>
-            <param-value>false</param-value>
-        </init-param>
         <init-param>
             <param-name>Enterprise</param-name>
             <param-value>true</param-value>

webgoat-container/src/main/webapp/WEB-INF/webgoat.properties

@@ -10,11 +10,9 @@ lesson.BasicAuthentication.hidden=true
 lesson.BlindScript.hidden=true
 lesson.RemoteAdminFlaw.hidden=true
 lesson.HttpSplitting.hidden=true
-lesson.BasicAuthentication.hidden=true
 lesson.SameOriginPolicyProtection.hidden=true
 lesson.SilentTransactions.hidden=true
 lesson.TraceXSS.hidden=true
 lesson.DBSQLInjection.hidden=true
 lesson.DBCrossSiteScripting.hidden=true
-lesson.XPATHInjection.hidden=true
 lesson.ForcedBrowsing.hidden=true